I’ve configured HA Proxy as the load balancer for a couple of Symantec proxies on the back end. Generally everything is working correctly, but I’m intermittently seeing issues with some websites. One being Twitter and the other one What’s App.

Looking at Twitter, when not working, the following URL does not load, https://twitter.com/push_service_worker.js, but displays a 503 error. Whether the site loads or not, I’m seeing exactly the same request headers, see attached.

If I point the browser to any of the proxy servers on the back-end directly, this error does not occur. I’ve verified this with multiple browsers.

Just wondering what else I can do to trace what is happening here? A basic tcpdump on the haproxy server, shows the request does reach the load balancer.

Both should work. But actually if you are just load-balancing between to outgoing proxy-servers you may as well TCP-load-balance (mode tcp). You can’t really use any HTTP features anyway so you may as well just load-balance actual TCP connections.

It’s either http-tunnel or http-keep-alive. By configuring both one will overwrite the other.

Actually, all 3 modes (tcp mode, http mode with http-tunnel and http mode with http-keep-alive) should work with NTLM. However, because NTLM is such an fragile, non-standard and crappy protocol, the actual behavior may depend on additional factors like client and backend server behavior.

Can you post the output of haproxy -vv just to check if you are running into any known bugs on the haproxy side?

either http-tunnel or http-keep-alive. By configuring both one will overwrite the other.

Actually, all 3 modes (tcp mode, http mode with http-tunnel and http mode with http-keep-alive) should work with NTLM. However, because NTLM is such an fragile, non-standard and crappy protocol, the actual behavior may depend on additional factors like client and backend server behavior.

Can you post the output of haproxy -vv just to check if you are running into any known bugs on the haproxy side?

Sorry for the delay, output of the command below.

I’m wondering if this issue could be related to the proxy servers on the back end, not seeing the client IPs, it’s only seeing the proxy server’s IP.